Plugins::FreeRDP: add security level

Author: KangLin

App/Client/mainwindow.cpp

@@ -1041,7 +1041,7 @@ int MainWindow::Start(COperate *pOperate, bool set, QString szFile)
     });
     Q_ASSERT(check);
     check = connect(pOperate, &COperate::sigSecurityLevel,
-                    this, [this, pOperate](CSecurityLevel::Level level) {
+                    this, [this, pOperate](CSecurityLevel::Levels level) {
         if(m_pView && pOperate) {
             if(m_pView->GetCurrentView() == pOperate->GetViewer())
                 slotCurrentViewChanged(pOperate->GetViewer());

Plugins/FreeRDP/Client/BackendFreeRDP.cpp

@@ -79,6 +79,7 @@ CBackendFreeRDP::CBackendFreeRDP(COperateFreeRDP *pOperate)
 #ifdef HAVE_LIBSSH
     , m_pThreadSSH(nullptr)
 #endif
+    , m_SecurityLevel(CSecurityLevel::Level::No)
 {
     qDebug(log) << Q_FUNC_INFO;
     m_pParameter = qobject_cast<CParameterFreeRDP*>(pOperate->GetParameter());
@@ -165,10 +166,12 @@ CBackendFreeRDP::OnInitReturnValue CBackendFreeRDP::OnInit()
         freerdp_settings_set_string(
             settings, FreeRDP_Username,
             user.GetUser().toStdString().c_str());
-    if(!user.GetPassword().isEmpty())
+    if(!user.GetPassword().isEmpty()) {
         freerdp_settings_set_string(
             settings, FreeRDP_Password,
             user.GetPassword().toStdString().c_str());
+        m_SecurityLevel |= CSecurityLevel::Level::Authentication;
+    }
 
     freerdp_settings_set_bool(
         settings, FreeRDP_RedirectClipboard, m_pParameter->GetClipboard());
@@ -586,6 +589,7 @@ int CBackendFreeRDP::cbClientStart(rdpContext *context)
         QString szInfo = tr("Connected to ") + szServer;
         qInfo(log) << szInfo;
         emit pThis->sigInformation(szInfo);
+        emit pThis->sigSecurityLevel(pThis->m_SecurityLevel);
     } else {
         //DWORD dwErrCode = freerdp_error_info(instance);
         UINT32 nRet = freerdp_get_last_error(context);
@@ -1544,8 +1548,10 @@ BOOL CBackendFreeRDP::cb_authenticate(freerdp* instance, char** username,
             *domain = _strdup(szDomain.toStdString().c_str());
         if(!szName.isEmpty() && username)
             *username = _strdup(szName.toStdString().c_str());
-        if(password)
+        if(password) {
             *password = _strdup(szPassword.toStdString().c_str());
+            pThis->m_SecurityLevel |= CSecurityLevel::Level::Authentication;
+        }
     } else
         return FALSE;
 
@@ -1575,8 +1581,11 @@ BOOL CBackendFreeRDP::cb_GatewayAuthenticate(freerdp *instance,
             *domain = _strdup(szDomain.toStdString().c_str());
         if(!szName.isEmpty() && username)
             *username = _strdup(szName.toStdString().c_str());
-        if(password)
+        if(password) {
             *password = _strdup(szPassword.toStdString().c_str());
+            pThis->m_SecurityLevel |= CSecurityLevel::Level::Authentication;
+        }
+        pThis->m_SecurityLevel |= CSecurityLevel::Level::Gateway;
     } else
         return FALSE;
 
@@ -1675,6 +1684,13 @@ DWORD CBackendFreeRDP::cb_verify_certificate_ex(freerdp *instance,
         //pThis->m_pParameter->SetServerName(common_name);
         emit pThis->sigServerName(common_name);
     }
+    
+    // Set security level
+    pThis->m_SecurityLevel |= CSecurityLevel::Level::SecureChannel;
+    if (flags & VERIFY_CERT_FLAG_GATEWAY)
+        pThis->m_SecurityLevel |= CSecurityLevel::Level::Gateway;
+    if (flags & VERIFY_CERT_FLAG_REDIRECT)
+        pThis->m_SecurityLevel |= CSecurityLevel::Level::Redirect;
 
     if(!pThis->m_pParameter->GetShowVerifyDiaglog()) {
         /* return 1 to accept and store a certificate, 2 to accept
@@ -1695,8 +1711,9 @@ DWORD CBackendFreeRDP::cb_verify_certificate_ex(freerdp *instance,
 #endif
 
     QString szType = tr("RDP-Server");
-    if (flags & VERIFY_CERT_FLAG_GATEWAY)
+    if (flags & VERIFY_CERT_FLAG_GATEWAY) {
         szType = tr("RDP-Gateway");
+    }
     if (flags & VERIFY_CERT_FLAG_REDIRECT)
         szType = tr("RDP-Redirect");
 
@@ -1781,6 +1798,13 @@ DWORD CBackendFreeRDP::cb_verify_changed_certificate_ex(freerdp *instance,
     if(common_name)
         emit pThis->sigServerName(common_name);
 
+    // Set security level
+    pThis->m_SecurityLevel |= CSecurityLevel::Level::SecureChannel;
+    if (flags & VERIFY_CERT_FLAG_GATEWAY)
+        pThis->m_SecurityLevel |= CSecurityLevel::Level::Gateway;
+    if (flags & VERIFY_CERT_FLAG_REDIRECT)
+        pThis->m_SecurityLevel |= CSecurityLevel::Level::Redirect;
+    
     if(!pThis->m_pParameter->GetShowVerifyDiaglog()) {
         /* return 1 to accept and store a certificate, 2 to accept
          * a certificate only for this session, 0 otherwise */

Plugins/FreeRDP/Client/BackendFreeRDP.h

@@ -191,7 +191,8 @@ public Q_SLOTS:
     int CleanSSHTunnelPipe();
     CSSHTunnelThread* m_pThreadSSH;
 #endif // HAVE_LIBSSH
-
+    
+    CSecurityLevel::Levels m_SecurityLevel;
 private Q_SLOTS:
     void slotConnectProxyServer(QString szHost, quint16 nPort);
 };

Src/Backend.cpp

@@ -75,8 +75,8 @@ int CBackend::SetConnect(COperate *pOperate)
         pOperate, SLOT(slotBlockShowWidget(const QString&, int&, void*)),
         Qt::BlockingQueuedConnection);
     Q_ASSERT(check);
-    check = connect(this, SIGNAL(sigSecurityLevel(CSecurityLevel::Level)),
-                    pOperate, SLOT(slotSetSecurityLevel(CSecurityLevel::Level)));
+    check = connect(this, SIGNAL(sigSecurityLevel(CSecurityLevel::Levels)),
+                    pOperate, SLOT(slotSetSecurityLevel(CSecurityLevel::Levels)));
     Q_ASSERT(check);
     return 0;
 }

Src/Backend.h

@@ -274,7 +274,7 @@ protected Q_SLOTS:
      * \~chinese 当安全级别改变时触发
      * \~english Triggered when the security level changes
      */
-    void sigSecurityLevel(CSecurityLevel::Level level);
+    void sigSecurityLevel(CSecurityLevel::Levels level);
 
 private:
     int SetConnect(COperate* pOperate);

Src/Operate.cpp

@@ -126,12 +126,12 @@ CStats *COperate::GetStats()
     return nullptr;
 }
 
-CSecurityLevel::Level COperate::GetSecurityLevel() const
+CSecurityLevel::Levels COperate::GetSecurityLevel() const
 {
     return m_SecurityLevel;
 }
 
-void COperate::slotSetSecurityLevel(CSecurityLevel::Level level)
+void COperate::slotSetSecurityLevel(CSecurityLevel::Levels level)
 {
     if(m_SecurityLevel == level)
         return;

Src/Operate.h

@@ -395,19 +395,19 @@ class PLUGIN_EXPORT COperate : public QObject
      * \return
      * \see CSecurityLevel
      */
-    [[nodiscard]] virtual CSecurityLevel::Level GetSecurityLevel() const;
+    [[nodiscard]] virtual CSecurityLevel::Levels GetSecurityLevel() const;
 Q_SIGNALS:
     /*!
      * \~chinese 当安全级别改变时触发。其派生类不要直接触发，需要使用 slotSetSecurityLevel 触发
      * \~english Triggered when the security level changes.
      *           Its derived classes should not be triggered directly;
      *           they need to be triggered using slotSetSecurityLevel.
      */
-    void sigSecurityLevel(CSecurityLevel::Level level);
+    void sigSecurityLevel(CSecurityLevel::Levels level);
 protected Q_SLOTS:
-    void slotSetSecurityLevel(CSecurityLevel::Level level);
+    void slotSetSecurityLevel(CSecurityLevel::Levels level);
 private:
-    CSecurityLevel::Level m_SecurityLevel;
+    CSecurityLevel::Levels m_SecurityLevel;
     //!@}
 
 protected Q_SLOTS:

Src/ParameterCompone/Stats.cpp

@@ -1,6 +1,8 @@
 // Author: Kang Lin <kl222@126.com>
 #include "Stats.h"
 
+Q_DECLARE_METATYPE(CSecurityLevel::Levels)
+
 CStats::CStats(CParameterOperate *parent, const QString &szPrefix)
     : CParameterOperate{parent}
     , m_tmInterval(1)
@@ -111,7 +113,7 @@ int CStats::OnSave(QSettings &set)
     return 0;
 }
 
-CSecurityLevel::CSecurityLevel(CSecurityLevel::Level level, QObject* parent)
+CSecurityLevel::CSecurityLevel(Levels level, QObject* parent)
     : QObject(parent)
     , m_Level(level)
 {
@@ -120,7 +122,7 @@ CSecurityLevel::CSecurityLevel(CSecurityLevel::Level level, QObject* parent)
 CSecurityLevel::~CSecurityLevel()
 {}
 
-CSecurityLevel::Level CSecurityLevel::GetLevel() const
+CSecurityLevel::Levels CSecurityLevel::GetLevel() const
 {
     return m_Level;
 }
@@ -145,26 +147,43 @@ QIcon CSecurityLevel::GetIcon() const
     return GetIcon(GetLevel());
 }
 
-QString CSecurityLevel::GetString(Level level)
+QString CSecurityLevel::GetString(const Levels &level)
 {
+    QString szLevel;
+    if(Level::SecureChannel & level) {
+        if(!szLevel.isEmpty())
+            szLevel += " + ";
+        szLevel += tr("Secure channel");
+    }
+    if(Level::Authentication & level) {
+        if(!szLevel.isEmpty())
+            szLevel += " + ";
+        szLevel += tr("Authentication");
+    }
+    if(Level::Proxy & level) {
+        if(!szLevel.isEmpty())
+            szLevel += " + ";
+        szLevel += tr("Proxy");
+    }
+    if(Level::Gateway & level) {
+        if(!szLevel.isEmpty())
+            szLevel += " + ";
+        szLevel += tr("Gateway");
+    }
+    if(Level::Redirect & level) {
+        if(!szLevel.isEmpty())
+            szLevel += " + ";
+        szLevel += tr("Redirect");
+    }
+
     if(Level::No == level)
         return QString();
-    if(Level::Secure == level)
-        return tr("Secure") + ": "
-               + tr("Secure channel") + " + " + tr("Authentication");
-    if(Level::Risky == level)
-        return tr("Risk");
-    if(Level::Secure & level) {
-        QString s = tr("Normal") + ": ";
-        if(Level::SecureChannel & level)
-            s += tr("Secure channel");
-        else if(Level::Authentication & level)
-            s+= tr("Authentication");
-        return s;
-    }
-    if(Level::Normal & level)
-        return tr("Normal");
-    return QString();
+    
+    if(Level::Secure == (level & ~Level::No))
+        return tr("Secure") + ": " + szLevel;
+    if(Level::Secure & level)
+        return tr("Normal") + ": " + szLevel;
+    return tr("Risk");
 }
 
 /*!
@@ -184,51 +203,41 @@ QString CSecurityLevel::GetString(Level level)
  * | 🟡 | `U+1F7E1` | 黄圈 | 注意、谨慎 |
  * | 🟢 | `U+1F7E2` | 绿圈 | 安全 |
  */
-QString CSecurityLevel::GetUnicodeIcon(Level level)
+QString CSecurityLevel::GetUnicodeIcon(const Levels &level)
 {
     if(Level::No == level)
         return QString();
-    if(Level::Secure == level)
+    if(Level::Secure == (level & ~Level::No))
         return "🟢🛡🔐";
-    if(Level::Risky == level)
-        return "🔴";
-    if(Level::Secure & level || Level::Normal & level) {
+    if(Level::Secure & level) {
         QString s = "🟡";
         if(Level::SecureChannel & level)
             s += "🛡";
         else if(Level::Authentication & level)
             s+= "🔐";
         return s;
     }
-    return QString();
+    return "🔴";
 }
 
-QColor CSecurityLevel::GetColor(Level level)
+QColor CSecurityLevel::GetColor(const Levels &level)
 {
     if(Level::No == level)
         return QColor();
-    if(Level::Secure == level)
+    if(Level::Secure == (level & ~Level::No))
         return Qt::GlobalColor::green;
-    if(Level::Risky == level)
-        return Qt::GlobalColor::red;
     if(Level::Secure & level)
         return Qt::GlobalColor::yellow;
-    if(Level::Normal & level)
-        return Qt::GlobalColor::yellow;
-    return QColor();
+    return Qt::GlobalColor::red;
 }
 
-QIcon CSecurityLevel::GetIcon(Level level)
+QIcon CSecurityLevel::GetIcon(const Levels &level)
 {
     if(Level::No == level)
         return QIcon();
-    if(Level::Secure == level)
+    if(Level::Secure == (level & ~Level::No))
         return QIcon::fromTheme("lock");
-    if(Level::Risky == level)
-        return QIcon::fromTheme("unlock");
     if(Level::Secure & level)
         return QIcon::fromTheme("dialog-warning");
-    if(Level::Normal & level)
-        return QIcon::fromTheme("dialog-warning");
-    return QIcon();
+    return QIcon::fromTheme("unlock");
 }

Src/ParameterCompone/Stats.h

@@ -67,39 +67,48 @@ public Q_SLOTS:
  */
 class PLUGIN_EXPORT CSecurityLevel : QObject {
     Q_OBJECT
+
 public:
     enum Level {
-        No = -1,                  // No the function
+        No = 0x8000,          // No the function
 
         Authentication = 0x01,
         SecureChannel = 0x02,     // Channel is secure.
         Proxy = 0x04,
+        Gateway = 0x08,
+        Redirect = 0x010,
 
-        Secure = 0x03,            // Green
-        Normal = 0x04,            // Yellow
-        Risky = 0x00,             // Red
+        Secure = Authentication & SecureChannel,   // Green
+        Normal = Proxy & Gateway & Redirect,       // Yellow
+        Risky = 0x4000,                            // Red
     };
+    Q_ENUM(Level)
+    Q_DECLARE_FLAGS(Levels, Level)
+    Q_FLAG(Levels)
 
-    CSecurityLevel(Level = Level::No, QObject* parent = nullptr);
+    CSecurityLevel(Levels level = Level::No, QObject* parent = nullptr);
     ~CSecurityLevel();
 
-    [[nodiscard]] virtual Level GetLevel() const;
+    [[nodiscard]] virtual Levels GetLevel() const;
     [[nodiscard]] virtual QString GetString() const;
     [[nodiscard]] virtual QColor GetColor() const;
     [[nodiscard]] virtual QString GetUnicodeIcon() const;
     [[nodiscard]] virtual QIcon GetIcon() const;
-    [[nodiscard]] static QString GetString(Level level);
-    [[nodiscard]] static QString GetUnicodeIcon(Level level);
-    [[nodiscard]] static QIcon GetIcon(Level level);
-    [[nodiscard]] static QColor GetColor(Level level);
+    [[nodiscard]] static QString GetString(const Levels &level);
+    [[nodiscard]] static QString GetUnicodeIcon(const Levels &level);
+    [[nodiscard]] static QIcon GetIcon(const Levels &level);
+    [[nodiscard]] static QColor GetColor(const Levels &level);
 
 Q_SIGNALS:
     /*!
      * \~chinese 当安全级别改变时触发
      * \~english Triggered when the security level changes
      */
-    void sigSecurityLevel(Level level);
+    void sigSecurityLevel(Levels level);
 
 private:
-    Level m_Level;
+    Levels m_Level;
 };
+
+// 在类外部声明操作符（通常放在头文件末尾）
+Q_DECLARE_OPERATORS_FOR_FLAGS(CSecurityLevel::Levels)